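<?php
    /*
     * Change-user-level page.
     *
     * A logged-in user whose session level is at least
     * $userlevel['promoteuser'] can pick a new level for the account named by
     * the "id" query parameter; the choice is written to the login table.
     *
     *   request with id only            -> shows the current level and the form
     *   request with id + newuserlevel  -> writes the new level
     *
     * NOTE(review): the write is a privilege change but the form carries no
     * anti-CSRF token, so another origin can submit it through a privileged
     * user's browser session. Add a per-session token to the form and verify
     * it before the UPDATE.
     * NOTE(review): mysql_escape_string() ignores the connection character set
     * and was removed in PHP 7. Move to bound parameters (or connection-aware
     * escaping) once my_db offers them; its API is not visible from this file.
     * NOTE(review): nothing here stops an operator from granting a level above
     * their own, or from changing their own account; confirm that is intended.
     */
    session_start();
    require_once('userlevel.php'); //Require/include the permissions file
    require_once('template.php'); //Require/include the template file
    require_once('functions.php'); //Require/include the functions file
    require_once('db.php'); //Require/include the file with the database connection information

    if (empty($_SESSION['user_loggedin'])) {
        die ("Not logged in... <script>document.location.href='login.php'</script>");
    } elseif (!isset($_SESSION['userlevel']) || !($_SESSION['userlevel'] >= $userlevel['promoteuser'])) {
        // Fail closed: a session without a stored level is treated as unprivileged.
        die (errorpage ("Your user level is not high enough to use this feature!", 'Change User Level'));
    } else {
        // Accept only a scalar string; "?id[]=..." would otherwise reach the escaper as an array.
        $rawId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

        // SQL copy of the id. Backslash-escaping protects the quoted SQL literal only.
        $id = mysql_escape_string($rawId);

        // HTML copy of the id. It is reflected into the form's action attribute,
        // so it is URL-encoded for the query string and then HTML-encoded for
        // the attribute value; the SQL-escaped copy must never be printed.
        $idForUrl = htmlspecialchars(urlencode($rawId), ENT_QUOTES);

        // Levels this page may assign: exactly the options the form offers.
        $grantableLevels = array('1', '2', '3');

        //Connect to DB and connect to the database using db.php
        $db = new my_db;
        template_headtag("Change user level");
        template_header();
        template_left();
        echo "<div class='pageheadertext'>Change user level</div>";
        if (!empty($id)) {
            if (!empty($_POST['newuserlevel'])) {

                // Server-side allowlist: the <select> limits only well-behaved
                // browsers, so the posted value is checked again here.
                $newLevel = is_string($_POST['newuserlevel']) ? $_POST['newuserlevel'] : '';

                if (in_array($newLevel, $grantableLevels, true)) {
                    // $newLevel is one of the literals above, so it is safe to interpolate.
                    // A separate variable is used so the $userlevel permission table
                    // loaded from userlevel.php is not overwritten.
                    $db->query("UPDATE login SET userlevel='$newLevel' WHERE id='$id'");
                    echo "<p>User information is updated.</p>";

                    echo "<p><strong>Note:</strong><br />If user is logged in, changes will occur after next login.</p>";
                    echo "<a href='javascript:history.back(1)'>Back</a>";
                } else {
                    errorbox('Invalid user level');
                    echo "<div align='center'><br/><a href='javascript:history.back(1)'>Back</a></div>";
                }

            } else {

                $db->query("SELECT * FROM login WHERE id ='$id'");
                if ($db->nf() > 0) {
                    $db->next_record();
                    // Stored values are printed into HTML, so they are entity-encoded
                    // rather than passed through strip_tags().
                    $username = htmlspecialchars($db->f("username"), ENT_QUOTES);
                    $currentLevel = $db->f("userlevel");

                    // Default label avoids an undefined variable when the stored
                    // level is outside 0-3.
                    $userlevelold = "Unknown";
                    if ($currentLevel == "0") {
                        $userlevelold = "Public/No Login";
                    } elseif ($currentLevel == "1") {
                        $userlevelold = "Normal user";
                    } elseif ($currentLevel == "2") {
                        $userlevelold = "Developer";
                    } elseif ($currentLevel == "3") {
                        $userlevelold = "Admin";
                    }

                    echo "
                        <div align='center'><form method='post' action='changeuserlevel.php?id=$idForUrl'>
                        Change User : $username from $userlevelold to
                        <select name='newuserlevel'>
                        <option value='1' selected='selected'>Normal user</option>
                        <option value='2'>Developer</option>
                        <option value='3'>Admin</option>
                        </select><br/><br />
                        <input type='submit' name='Submit' value='Update'/>
                        </form></div>
                        ";
                } else {
                    errorbox('Invalid User id');
                    echo "<div align='center'><br/><a href='javascript:history.back(1)'>Back</a></div>";
                }
            }
        } else {
            errorbox('Invalid User id');
            echo "<div align='center'><br/><a href='javascript:history.back(1)'>Back</a></div>";
        }

        template_footer();

    }
?>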
